A study of four of Australia’s top 12 fertility apps conducted jointly by University of New South Wales law researcher Dr Katharine Kemp and consumer group Choice assessed the privacy policies of the 12 most popular fertility apps in Australia, which help people track menstrual cycles, ovulation, potential fertile windows, and stages of pregnancy.
Choice found the privacy policy of BabyCenter allowed the company to collect information about its users through other companies and data brokers, as well as sell personal data to other companies or provide the data to companies advertising in the app. It also allows companies to track in the app unless people opt out of the tracking.
Glow Fertility, Nurture and Eve apps “collect further information” about users from other companies, which are only described as third-party sources. And the app similarly has tracking technologies.
The terms also state Glow can disclose all user data to another company if it sells the app or the database to that company. The Ovia Fertility and Pregnancy apps were found to collect extensive data not required for the app, including diseases, financial situation, housing, safety and education level. The apps also specify they can share location and activity in the app with advertisers.
Choice reported the What To Expect app can collect information from other companies including data brokers on its users, allows the selling of user data, and also allows other companies to track users in the app.
Kate Bower, consumer data advocate at Choice, said the most concerning part was apps monetising data.
She said: “It’s pretty common for apps to monetise the data that they collect from the app, but what’s unique about the fertility apps is just how sensitive and private that information is. It’s not just your period, but it asks for information about how frequently they have sex, whether or not they’ve had a miscarriage. It can infer if you’ve had a miscarriage, if you put in a pregnancy and then that data stops being collected."
Bower said while the apps may be sold as a health service, they might be more interested in the data collection. She said in the wake of the Optus and Medibank data breaches, the lack of clear policies from some of the apps over how long the data is held is a cause for concern.